TechBizWeb

    WordPress 5.1.1 Patches Remote Code Execution Vulnerability

    March 14, 2019 (Updated: March 14, 2019)

    WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites. 

    The vulnerability impacts the manner in which comments are filtered and then stored in the database, and any WordPress installation prior to version 5.1.1 with comments enabled is vulnerable.

    To exploit the vulnerability, an attacker would have to trick the site administrator into visiting a domain to trigger a cross-site request forgery (CSRF) exploit in the background. The exploit leverages a series of logic flaws and sanitization errors to execute code and take over the target site, Simon Scannell of RIPS Technologies explains.

    The vulnerability is exploitable with default settings and, with most WordPress installations having comments enabled, millions of websites are likely impacted, the security researcher says. 

    The core of the problem, Scannell explains, is that WordPress doesn’t perform CSRF validation when a user posts a new comment (features such as trackbacks and pingbacks would break if validations were in place), which allows an attacker to create comments in the name of administrators. 
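
Because comment submission carries no CSRF token, one server-side signal a defender can use is the `Referer` on comment POSTs. The following is an added example, not code from the article, WordPress or RIPS Technologies: it triages web-server access logs for comment submissions that did not originate from a page on the site itself. Assumptions: logs are in Combined Log Format, the site hostname is the placeholder `blog.example.com`, and comments are posted to WordPress's standard handler `wp-comments-post.php`; a missing `Referer` is reported separately because browsers and proxies can strip it.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames that serve this WordPress site (placeholder value).
SITE_HOSTS = {"blog.example.com"}

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify(line):
    """Return None for lines that are not comment POSTs, else (verdict, ip, referer)."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    # endswith() also covers WordPress installed in a subdirectory.
    if not urlsplit(m["path"]).path.endswith("/wp-comments-post.php"):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return ("no-referer", m["ip"], referer)
    host = (urlsplit(referer).hostname or "").lower()
    verdict = "same-origin" if host in SITE_HOSTS else "cross-origin"
    return (verdict, m["ip"], referer)

def suspicious(lines):
    """Comment POSTs that cannot be tied to a page on the site itself."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h and h[0] != "same-origin"]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [14/Mar/2019:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://blog.example.com/hello-world/" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Mar/2019:10:02:11 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Mar/2019:10:03:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Mar/2019:10:04:02 +0000] "GET /hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, ip, referer in suspicious(SAMPLE):
        print(f"{verdict:12} {ip:15} referer={referer}")
```

A hit is a lead for review, not proof of exploitation: correlate it with comments stored under an administrator account around the same timestamp.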

    Given that administrators are allowed to use arbitrary HTML tags in comments, even